Cisco Ios - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

18
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
C IOS
ISCO
You can integrate a Cisco IOS 12.2, 12.5 and above with STRM. A Cisco IOS DSM
accepts Cisco IOS events using syslog. STRM records all relevant events.
Note: Make sure all Access Control Lists (ACLs) are set to LOG.
Before you configure STRM to integrate with a Cisco IOS server, you must:
Log in to the router in privileged-exec mode and switch to configuration mode.
conf t
Enter the following series of commands:
logging <ip address>
logging source-interface <interface>
Where:
< is the IP address hosting STRM and the SIM components.
ip address>
is the name of the interface, for example, dmz, lan, ethernet0, or
<interface>
ethernet1.
Enter the following commands to configure the priority level:
logging trap warning
logging console warning
Where is the priority setting for the logs.
warning
Configure the syslog facility:
logging facility syslog
Save and exit the file.
Copy running-config to startup-config:
copy running-config startup-config
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a Cisco IOS device, you must select one of
the following options from the Sensor Device Type drop-down list box (depending
on your system): Cisco IOS, Cisco 12000 Series, Cisco 6500 Series Router,
Cisco 7600 Series Router, Cisco Carrier Routing Router, or Cisco Integrated
Configuring DSMs Guide